SEKTOR7 Institute/RED TEAM Operator: Privilege Escalation in Windows Course

  • $239

  • 33 Lessons
  • 365-day access

A course about breaking and bypassing the Windows security model. Escalating privileges with 20 different techniques. From non-admin to SYSTEM.

Welcome to the Privilege Escalation in Windows course!

Let's make it short.
You're interested in Windows security, right? Otherwise you wouldn't be here. You are either led by the natural curiosity of a security researcher or doing penetration testing professionally, or both. And maybe you need to get a better understanding of how privilege escalation works in Microsoft environments.

So here's what's in the course.
It is indeed about escalating privileges in Windows. But it's not only about getting SYSTEM, as there are other shades of that tactic. From the course you'll learn about becoming another user, breaking out from Medium to High Integrity Level, or from High to System, and abusing privileges assigned to your access token to get more powers on the box.

You will get access to a complete testing environment with many misconfigurations and vulnerable services, plus code templates with a full build toolchain. As we usually do at SEKTOR7, it's a ready-to-use package prepared for any student who's willing to take some time to experiment and learn new things.

So if you're still interested, get on board, relax and take a great journey through the world of Windows security. You'll love it!

COURSE IN A NUTSHELL

You Will Learn

  • 20 different techniques of Windows Privilege Escalation, like:
    • DLL Hijacking
    • Bypassing UAC
    • Misusing Windows Vault
    • Exploiting leaked handles
    • Hacking named pipes
    • Abusing access tokens
    • and much more...
  • How Windows Security Model works

Target Audience

  • Ethical Hackers
  • Penetration Testers
  • Blue Teamers
  • Threat Hunters
  • All security engineers/professionals wanting to learn advanced offensive tactics

Requirements

  • Understanding of operating system architecture
  • Some experience with Windows OS
  • Basic knowledge about coding in C/C++
  • Computer with min. 4 GB of RAM + 30 GB of free disk space
  • VirtualBox 6.0+ installed
  • Strong will to learn and have fun

Contents

Intro and Setup

Introduction to Windows Security
  • 10 mins
  • 26.8 MB
Intro Addendum
  • 3 mins
  • 4.87 MB
Course VM Setup
  • 4 mins
  • 12.6 MB
RTO-LPE.ova
RTO-LPE.zip
  • 1.25 MB

Credentials

"Low Hanging Passwords"
  • 9 mins
  • 37.9 MB
"The X Files" - Interesting Files
  • 5 mins
  • 15.9 MB
"Swimming in Hives" - Registry
  • 4 mins
  • 16 MB
"A Boss with Creds" - Abusing Credential Manager
  • 13 mins
  • 49.7 MB
"The King is Naked" - Robbing Credential Manager
  • 4 mins
  • 14.9 MB
"A Thief" - Asking User for Creds
  • 5 mins
  • 16.2 MB

Unsecured Objects

"Boundless Servant" - Unsecured Service [1]
  • 9 mins
  • 35.2 MB
"Lonely Vassal" - Unsecured Service [2]
  • 10 mins
  • 39.4 MB
"Hornets' Nest" - Unsecured Service [3]
  • 10 mins
  • 37.5 MB

Execution Flow Hijacking

"Folding Papers" - Unsecured File System
  • 17 mins
  • 65.2 MB
"Hi Jack, Show Me THE WAY" - Exploiting PATH
  • 6 mins
  • 26.9 MB
"Closed. No Service" - Missing Service
  • 6 mins
  • 22 MB
"Jobless" - Missing Task
  • 10 mins
  • 40.3 MB
"Library Has Fallen" - DLL Hijacking
  • 21 mins
  • 86.9 MB
"You Ain't Corner Me" - UACME
  • 11 mins
  • 51.7 MB

Getting SYSTEM

"! NeverRemoveDepressed" - AlwaysInstallElevated Hack
  • 8 mins
  • 29.8 MB
"Hi, Sis!" - New Service for SYSTEM
  • 4 mins
  • 15.8 MB
"Nick Has a Leak: Prelude" - Leaked HANDLE [1]
  • 4 mins
  • 8.06 MB
"Nick Has a Leak: Demon" - Leaked HANDLE [2]
  • 12 mins
  • 46.9 MB
"Nick Has a Leak: Sequel" - Leaked HANDLE [3]
  • 9 mins
  • 38.2 MB
"Chip & Dance: Prologue" - Abusing Tokens [1]
  • 3 mins
  • 5.28 MB
"Chip & Dance Show" - Abusing Tokens [2]
  • 6 mins
  • 27.8 MB
"Broken Calumet: Overture" - Exploiting Named Pipes [1]
  • 4 mins
  • 7.38 MB
"Broken Calumet Exposed" - Exploiting Named Pipes [2]
  • 8 mins
  • 31.9 MB

Assignments

Assignment #1
Assignment #2
Assignment #3

Summary

Course Closing Information
  • 3 mins
  • 5.56 MB

Instructor: reenz0h

Chief Research Officer at SEKTOR7. In the industry for over 20 years. Worked in a global Red Team for almost a decade. Simulated threat actors targeting IT infrastructure across various industries (financial, technology, industrial, energy, aviation) around the world. Speaker at HackCon, PWNing, WTH@ck, Sec-T, T2, DeepSec. Gave guest lectures at several military and civil academies and universities.

Founder of the x33fcon security conference and the SEKTOR7 offensive research company.

FAQs

Why malware development?

So-called malware development in the context of legal security testing is also known as offensive security tool (OST) development. The goal is to teach all cybersecurity professionals, both red and blue teams, to use this knowledge to better understand how real threat actors operate and use different techniques (TTP). This approach should significantly improve the skillset of offensive and defensive teams in testing and securing the production environments of their customers and employers in the long run.

How long is the course?

All the videos together are about 3.5 h long.

What language is used in the course?

All videos, text and materials are in English.

Is it an on-line course only?

The course is composed of 2 types of materials: videos, which are available on-line only, and a virtual machine with source code templates, which can be downloaded and stored on your computer, so you can access it later off-line.
In case of video download attempts, access to the content will be revoked.

How long is the course available after purchase?

After you purchase the course, you have access to all the videos and materials for 365 days. You can learn whenever you want; the content will always be waiting for you within that time frame.
Moreover, any updates to the course materials (i.e. new modules, new videos, new files, etc.) will also be available to anyone who purchased the course, without any extra charge.

Do I have to be an expert in C language?

No. Although some level of experience in reading C code is required, you don't have to be an expert in this field. Basic knowledge about the syntax, data structures and function calling convention is enough during the course.
For a refresher, check the Windows API tutorial.

How can I get an invoice?

You can get an invoice after you purchase the course.
After logging into your account, first go to Settings and edit Address (including business details like company name and tax ID). Then save, go to Billing and download the invoice.

How to change VAT rate?

When you are registering for the course, you can choose the VAT rate appropriate for your country (if you are from the EU). After you supply your email, the system will present you a price with a suggested VAT rate. If the tax rate is inappropriate, or you do not qualify for VAT because of your tax residence, adjust the rate by clicking on update and choosing your country of residence.

Can I get a Certificate of Completion?

When the course is finished, a Certificate of Completion will be generated automatically. A notification email will be sent with CoC access details.
To include your name on the certificate, please provide your first and last name in your profile Settings.

Can I share my account with others?

Unfortunately, we consider this unfair and therefore it is prohibited. We try to keep our prices affordable so that the course can reach as many students as possible.

Legal Disclaimer

All the materials are for educational and research purposes only.

Do not attempt to violate the law with anything contained in materials produced by Sektor7. Neither the administration of this server, the authors of this material, nor anyone else affiliated in any way is going to accept responsibility for your actions.

By using institute.sektor7.net and its contents, you accept that you will only lawfully use it in a test lab – with devices that you own or are allowed to conduct penetration tests for your customers and clients.

Do not abuse this material. Be responsible.
SEKTOR7 © All rights reserved